Building Automation and Control Systems
The ASIS Foundation is finalizing research to inform security best practices surrounding Building Automation And Control Systems (BACS), also referred to as intelligent buildings.
The Foundation's first stage of BACS research identified 40 vulnerabilities, to which 97 mitigations strategies were aligned. However, so many mitigations strategies were difficult to broadly apply without a clear understanding of context, threats and risk, and what considerations are critical to organizations.
The second stage, an online survey to gauge security and facility professionals' understanding, found that although BACS were identified as risks in half of respondents' organizations, and although a majority of professionals felt they understood BACS, there was a lack of knowledge when it came to critical BACS vulnerabilities.
The outcome of these two stages highlights the need for an ASIS-published framework that provides both a matrix to ascertain organizations’ criticality and a supporting list of questions to aid decision-making. The project is currently in the final research stage.
Enterprise Security Competency Model
Security Performance Metrics